You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
SOmetimes, itis necessary for multiple systems to access the Weakforced API, but you want to separate the credentials for security reasons. It may be that a custom function has the potential to do damage, and you want this to be restricted to just one place.
Describe the solution you'd like
Currently, weakforced supports a single user (wforce) and password for authentication.
Ideally, we would be able to have multiple user:password credentials defined, and to be able to test against the authenticated username in custom functions (so, for example, a custom function could exit with an error unless the authorised credential was used)
Describe alternatives you've considered
Using the same credentials everywhere works, but has obvious security implications, plus making a change to the password means changing it everywhere.
A web proxy could possibly achieve this, but since the functions are selected by parameters rather than by URL path it is more complex.
Additional context
We have 3 applications linked to weakforced for authorisation. We recently had to change the wforce password due to an issue in one application, which meant having to change in all 3 applications (managed by different teams) and test suites. This could be simpler.
The text was updated successfully, but these errors were encountered:
BTW in the latest versions of wforce (2.6 onwards) the commands are all available as /command/blah as well as the old-style /?command=blah if that helps...
Is your feature request related to a problem? Please describe.
SOmetimes, itis necessary for multiple systems to access the Weakforced API, but you want to separate the credentials for security reasons. It may be that a custom function has the potential to do damage, and you want this to be restricted to just one place.
Describe the solution you'd like
Currently, weakforced supports a single user (wforce) and password for authentication.
Ideally, we would be able to have multiple user:password credentials defined, and to be able to test against the authenticated username in custom functions (so, for example, a custom function could exit with an error unless the authorised credential was used)
Describe alternatives you've considered
Using the same credentials everywhere works, but has obvious security implications, plus making a change to the password means changing it everywhere.
A web proxy could possibly achieve this, but since the functions are selected by parameters rather than by URL path it is more complex.
Additional context
We have 3 applications linked to weakforced for authorisation. We recently had to change the wforce password due to an issue in one application, which meant having to change in all 3 applications (managed by different teams) and test suites. This could be simpler.
The text was updated successfully, but these errors were encountered: